From 80b3c7b8458c1d43e538a3447f2a1f95ee49edb9 Mon Sep 17 00:00:00 2001
From: Feng Shengqin <feng.shengqin@zte.com.cn>
Date: Fri, 19 Jan 2018 15:32:21 +0800
Subject: [PATCH] Populate 'security_groups' field from pre-existing port

Depends-On: I15107d8e848d542b856e531548844e56dfd0add4
Change-Id: Id8537ac4ac8c44476e08a89388c2b619368641d8
Closes-Bug: #1744149
---
 zun/network/kuryr_network.py                 | 7 +++++++
 zun/tests/unit/network/test_kuryr_network.py | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/zun/network/kuryr_network.py b/zun/network/kuryr_network.py
index 99929e301..e583de6a2 100644
--- a/zun/network/kuryr_network.py
+++ b/zun/network/kuryr_network.py
@@ -191,6 +191,13 @@ class KuryrNetwork(network.Network):
             # We might revisit this behaviour later. Alternatively, we could
             # either throw an exception or overwrite the port's security
             # groups.
+            if not container.security_groups:
+                container.security_groups = []
+            if neutron_port['security_groups']:
+                for sg in neutron_port['security_groups']:
+                    if sg not in container.security_groups:
+                        container.security_groups += [sg]
+                container.save(self.context)
 
             # update device_id in port
             port_req_body = {'port': {'device_id': container.uuid}}
diff --git a/zun/tests/unit/network/test_kuryr_network.py b/zun/tests/unit/network/test_kuryr_network.py
index 6ec5efd1f..de643414a 100644
--- a/zun/tests/unit/network/test_kuryr_network.py
+++ b/zun/tests/unit/network/test_kuryr_network.py
@@ -46,7 +46,8 @@ class FakeNeutronClient(object):
 
     def get_neutron_port(self, port_id):
         return {'fixed_ips': [{'ip_address': '192.168.2.22'}],
-                'id': '1234567'}
+                'id': '1234567',
+                'security_groups': []}
 
     def get_neutron_network(self, network_id):
         return {'shared': False}